summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* Postfix: pin key material to our MX:es for fripost.org and its subdomains.Guilhem Moulin2021-01-261
* Firewall: Always include 172.16.0.0/12 to the bogon list.Guilhem Moulin2020-11-151
* Firewall: Add counter to dropped ICMP packets.Guilhem Moulin2020-11-151
* rkhunter: workaround for mix usrmerge/non-usrmerge environments.Guilhem Moulin2020-11-151
* Firewall: ICMPv6: accept link-local multicast receiver notification messages.Guilhem Moulin2020-11-151
* Change NTP client to systemd-timesyncd.Guilhem Moulin2020-11-155
* logcheck-database update.Guilhem Moulin2020-11-154
* Firewall: allow ICMP type 11 (time time-exceeded).Guilhem Moulin2020-11-031
* Bacula: refactor systemd service files.Guilhem Moulin2020-11-032
* Firewall: Move IPsec/ICMP/ICMPv6 rules to ingress chain.Guilhem Moulin2020-11-031
* Firewall: Move martian and bogus TCP filters early in the packet flow.Guilhem Moulin2020-11-021
* kernel parameters: Disable SYN cookies and improve SYN backlog handling.Guilhem Moulin2020-11-021
* typofixGuilhem Moulin2020-11-021
* IMAP: Update role to Debian Buster.Guilhem Moulin2020-05-191
* MSA: Update role to Debian Buster.Guilhem Moulin2020-05-191
* s/LDAP-provider/LDAP_provider/Guilhem Moulin2020-05-192
* stunnel4: Harden and socket-activate.Guilhem Moulin2020-05-182
* Firewall: note on reqid matching.Guilhem Moulin2020-05-181
* AEAD ciphers: Add EECDH+CHACHA20 macro.Guilhem Moulin2020-05-181
* Firewall: Use `meta secpath exists` to match xfrm associations.Guilhem Moulin2020-05-181
* Remove 'meta: flush_handlers' directives under conditionals.Guilhem Moulin2020-05-171
* Roundcube: Port to Debian 10.Guilhem Moulin2020-05-171
* typofixGuilhem Moulin2020-05-161
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-1623
* /etc/apt/sources.list: Use https:// URIs.Guilhem Moulin2020-01-251
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-257
* Convert firewall to nftables.Guilhem Moulin2020-01-2311
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
* tr/-/_/ in group names.Guilhem Moulin2020-01-223
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-194
* firewall: gracefully close invalid connections.Guilhem Moulin2018-12-221
* fail2ban: Only install the roundcube/dovecot filters if needed.Guilhem Moulin2018-12-151
* submission: Prospective SPF checking.Guilhem Moulin2018-12-122
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-096
* Disable resume device.Guilhem Moulin2018-12-093
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-092
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-091
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-091
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-092
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-051
* Install unbound on metal hosts.Guilhem Moulin2018-12-034